Hi , everyone , today i'm going to show how to perform xxe exploitation
for the story , XXE stands for "xml external entity"
it's a kind of vulnerability of web system that takes advantage of a flow of data parsed and dispkayed onto xml related documents

*How XML Works
              xml have basic key concept like

    

    1-entity and referencer in xml

       

    
The example above is what xml looks like , it something where datas are stored following a structure that we called entity , entity contains that tags that give more informations about the subject we face.

    

   1-1 Document Type definition

    

    Like in html concept , the use of document type
    definition in xml is crucial for what we lead to .We
    could think about it as set of rules that engages and
    define the model of an xml file
    Take this example below:

            



    this is another key concept of defining xml object.
  

 2-Exploitation

        

          Now , we'll going to explore how take advantage of
    these situations to handle our goal as pentester .
    
    First of all ,let's talk about how data are stored
    and shared.
    
    So, when both computers agreed on the structure
     they gonna use , they choose the way to share it
     One of the basic key concept is to use an
     "External Entity Reference": that means we index
     some link/file inside of xml entity like a referer
     and then xml when executed will read and load
     the content of parsed data she has.
     
     Example :
            
            
           

            
           

        
    These examples above show how xml is conducted using external referer
    Both of them coming from interesting machine on  Tryhackme i recommand to check out (Advent of Cyber 2024- Day 5)
    
    So the 2nd crafted document is some kind of payload that will load /etc/hosts information of the system the code is executed , which means on some server if you introduce it : below an example using burp repeater



    
    Oh, that's already end ; So that's all for this sequence . I hope this basic understanding of xxe will help you
    understand more concept of Web Application Exploitation
    
    
    You're free to suggest more content to help community grow
    
    Buy me a coffee if you want , it will be cool either
        



contact : dsbsfxtn4@mozmail.com
                        
                        Hope you enjoy it , artemis6x

Commentaires

Enregistrer un commentaire

Posts les plus consultés de ce blog

Image
  Sherlock Santa Krampus :  OpTinselTrace24-1: Sneaky Cookies                               I-  Scenario     QUESTION 1: Krampus, a notorious threat actor, possibly social-engineered bingle as email security filters were offline for maintenance. Find any suspicious files under Bingle Jollybeard User directory and get back to us with the full file name explanation: After succesfully unzip the downloaded file , make a tree on it and look for any suspicious coming from Bingle \Jollybeard   user           Answer : QUESTION 2: Using the malicious file sent as part of phishing, the attacker abused a legitimate binary to download and execute a C&C stager. What is the full command used to download and execute the C&C Binary?   explanation : Ok , Inside of the directory where the shorcut file is located , use " lnkinfo"...
Read more »
Image
     It been a while i did'nt talk about Digital Forensic And Incident Response . As a core part of cybersecurity ; we must know some concepts related to memory dump analysis ! Here is the picture ; i'm gonna show you how we triggers information from your dump files / RAM /USB KEY ............          Let's Dive in with this machine : FORENSICS coming from tryhackme.com   1 - Introduction to Memory Dump Analysis Memory dump analysis is a very important step of the Incident Response process . The RAM (memory) dump of a running compromised machine usually very helpful in reconstructing the events/activities that the attacker performed on the machine.     So that rude ; to be simple , using a tool called Volatiltity is pretty helpull when doing stuff with memory dump  If you haven't installed yet , check out this link   https://github.com/volatilityfoundation/volatility3/releases/tag/v2.8.0     Let's go ! !...
Read more »
Image
  Day 18 - ADVENT OF CYBER 2024 TRYHACKME : I could use a little AI interaction! Storyline Hyped with their latest release, a "health checker" service that tracks the health and uptime of the Wareville systems, the Wareville developers envisage the day in which the inhabitants of Wareville have a one-stop shop for seeking the answers to life's mysteries and aiding them in their day-to-day jobs. As an initial first stage, the Wareville developers create an alpha version of WareWise - Wareville's intelligent assistant. Aware of the potential dangers of intelligent AI being interacted with, the developers decided to slowly roll out the chatbot and its features. The IT department is the first to get hands-on with WareWise. For the IT department, WareWise has been integrated with the "health checker" service, making it much easier for the IT department to query the status of their servers and workstations. Learning Objectives In today's task, ...
Read more »